Some cyber companies are on "thin ice" legally, said Nate Fick, now CEO of Endgame Inc., speaking this morning at the CNAS conference. (You can tune into the meeting on your computer by going to the CNAS website.)
Fick, a former CEO of CNAS, said this is a murky world we need to know more about, with companies emerging that are providing capabilities that run way ahead of policy and rules.
One of the big issues looming out there is the issue of the "hack back." That is, does someone under cyberattack -- whether an individual, a company, or a part of the government -- have the right to respond in kind? Or to hire someone to do that?
I think this parallels the issue in government of having pre-existing authorization to respond to a cyber intrusion. I am told that the Pentagon cyberwarriors have been asking for such authorizations, but that the White House has been resisting giving such blanket pre-approvals. This is an interesting issue that could get into questions of civilian control of the military. In some ways it is reminiscent of the creation of doctrine for the command and control of nuclear weapons. But it also gets us deep into issues of privacy and surveillance -- as we are seeing now with the NSA.